Merge tag 'v4.1.39' into linux-linaro-lsk-v4.1lsk-v4.1-17.03

This is the 4.1.39 stable release
author: Alex Shi <alex.shi@linaro.org> 2017-03-20 12:02:26 +0800
committer: Alex Shi <alex.shi@linaro.org> 2017-03-20 12:02:26 +0800
commit: d97f745e1d2fea4d2f308e5e06eee81a9a84f3f5 (patch)
tree: 1a24a0ad0c33e1d6344d2454b61748afb74a6693 /kernel/capability.c
parent: cb370744bc101be91a0bc3e9fbdb670ab44df97d (diff)
parent: d9e0350d2575a20ee7783427da9bd6b6107eb983 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 45432b54d5c6..022df097a6bc 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -447,3 +447,23 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
 		kgid_has_mapping(ns, inode->i_gid);
 }
 EXPORT_SYMBOL(capable_wrt_inode_uidgid);
+
+/**
+ * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace
+ * @tsk: The task that may be ptraced
+ * @ns: The user namespace to search for CAP_SYS_PTRACE in
+ *
+ * Return true if the task that is ptracing the current task had CAP_SYS_PTRACE
+ * in the specified user namespace.
+ */
+bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns)
+{
+	int ret = 0;  /* An absent tracer adds no restrictions */
+	const struct cred *cred;
+	rcu_read_lock();
+	cred = rcu_dereference(tsk->ptracer_cred);
+	if (cred)
+		ret = security_capable_noaudit(cred, ns, CAP_SYS_PTRACE);
+	rcu_read_unlock();
+	return (ret == 0);
+}
author	Alex Shi <alex.shi@linaro.org>	2017-03-20 12:02:26 +0800
committer	Alex Shi <alex.shi@linaro.org>	2017-03-20 12:02:26 +0800
commit	d97f745e1d2fea4d2f308e5e06eee81a9a84f3f5 (patch)
tree	1a24a0ad0c33e1d6344d2454b61748afb74a6693 /kernel/capability.c
parent	cb370744bc101be91a0bc3e9fbdb670ab44df97d (diff)
parent	d9e0350d2575a20ee7783427da9bd6b6107eb983 (diff)